Overview

overview

10

Static

static

6cc510a772...a2.exe

windows7-x64

10

6cc510a772...a2.exe

windows10-2004-x64

10

Resubmissions

09-10-2022 17:06

221009-vmk8jahcg4 10

09-10-2022 17:05

221009-vlwymshdgq 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2.zip

  • Size

    410KB

  • Sample

    221009-vlwymshdgq

  • MD5

    b9a77d7a2066ed2f57268834846e763b

  • SHA1

    a2b16ac1b3a164808b9629980a7d6d71d96a5513

  • SHA256

    fe23d4b7a9db3c937523afecdbe14969987c27f35b9bb9c90f656bcd897bcb87

  • SHA512

    4054cc84cf2906c8543c6631d1054894fadcd8c9ef1537df9b09ee09876458dbcfa2529d5371c5aea61ffa1ece0f5ef00d487767f63b2d31cfb77e7e043ecad7

  • SSDEEP

    6144:Rp6kVHYlu0jeRGChrOEKHebiT9QTZ2SScS1cBrnT55jr+Zke0lqXzT4:D6kV2NsOFRQlY71arnfj6ZR0l+4

Score
10/10
avoslockerransomware

Malware Config

Extracted

Path

C:\GET_YOUR_FILES_BACK.txt

Family

avoslocker

Ransom Note
Attention! Your files have been encrypted using AES-256. We highly suggest not shutting down your computer in case encryption process is not finished, as your files may get corrupted. In order to decrypt your files, you must pay for the decryption key & application. You may do so by visiting us at http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion. This is an onion address that you may access using Tor Browser which you may download at https://www.torproject.org/download/ Details such as pricing, how long before the price increases and such will be available to you once you enter your ID presented to you below in this note in our website. Contact us soon, because those who don't have their data leaked in our press release blog and the price they'll have to pay will go up significantly. The corporations whom don't pay or fail to respond in a swift manner can be found in our blog, accessible at http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion Your ID: 08604a3c44a32c3c2a51182916c1de99605478319605c31f1215e6109c01f9db
URLs

http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion

http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion

Targets

    • Target

      6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2

    • Size

      919KB

    • MD5

      40f2238875fcbd2a92cfefc4846a15a8

    • SHA1

      06dce6a5df6ee0099602863a47e2cdeea4e34764

    • SHA256

      6cc510a772d7718c95216eb56a84a96201241b264755f28875e685f06e95e1a2

    • SHA512

      8ab1a2124a67e91a4e1842b5f600f977d3d72d398b64ee690c297a04b733e60e01fe4383a1fdf25bb412bc1294d69c5402bd60159c3125bdfb709d024c8e04b8

    • SSDEEP

      24576:ID7x8JDwepWTu/g6YvOkAT5OdAP6tfKf2J9lb:Ifx8JDwepWaOvOkANOdS6BT9V

    Score
    10/10
    avoslockerransomware

    • Avoslocker Ransomware

      Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.

      ransomwareavoslocker

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks